Global forum urges stronger e-commerce security
The Payment Card Industry Security Standards Council recommends strong security standards in the payment system in order to foster the e-commerce industry in Thailand.
"Asia-Pacific is one of the fastest growing regions for e-commerce and online transactions and hundreds of million dollars are being spent by online shoppers," said Jeremy King, international director of the PCI Security Standards Council.
Thailand is also experiencing tremendous growth and drawing interest as a hub for e-commerce. Apart from the creation of business opportunities, the Thai IT workforce will be afforded the opportunity to become security professionals to serve regional demand.
However, the high volume of money is also attracting fraud and cyberattacks, and deterring customers from utilising the online channel, Mr King.
The Payment Card Industry Security Standard Council (PCI SSC) is a global forum that develops, maintains and manages security standards for payment systems such as PCI Data Security Standard.
"The coming of online channels has made payments even riskier because you don't know if the other side is legitimate or there is a criminal middleman," said Troy Leach, chief technology officer at PCI SSC.
He said one of the biggest challenges facing the industry in Southeast Asia is the weakness of passwords and usernames.
"We need to have good passwords because when you look at the data globally, 63% of all data breaches were due to weak, default or bad passwords, according to Verizon Business Report," Mr Leach said.
He said e-commerce merchants should also make sure that the devices they use have been tested and passed security standards.
PCI SSC general manager Stephen Orfei said that the devaluation of data through different techniques such as EMV (a technical standard for smart payment cards created by Europay, MasterCard, and Visa that store data on integrated circuits in addition to magnetic stripes) at point of sale, point-to-point encryption and tokenisation could prevent criminals accessing obtained data.
"If you properly deploy those three technologies, which are available on a global scale, you devalue the data and make it useless for criminals," Mr Orfei said.
The Bank of Thailand's initiative to adopt chip-embedded cards is upgrading the security of the payment system, despite the expense. In Europe, the adoption of the chip cards has resulted in a significant drop in fraud, he said.
Chalee Vorakulpipat, head of the cybersecurity laboratory at the National Electronics and Computer Technology Center, said that even chip cards, which have been designed to prevent information theft, are still not absolutely safe since the only authentication required is the owner's signature, which can be forged.
He suggested that payment via credit or debit cards can adopt two-way authentication systems such as pin code instead of signatures.
Dynamic authentication that combines methods such as GPS can also be used to detect the transaction locations of credit cards, further enhancing safety.
Mr Chalee said the government should play a greater role in supporting the e-payment system by adopting the system for its own transactions.